image_meta: Add ephemeral encryption properties

Add the `hw_ephemeral_encryption` and `hw_ephemeral_encryption_format`
image properties.

Change-Id: Ida3edbdd664fbc3ac23516b1ff5b67edae43ea79

doc/notification_samples/common_payloads/ImageMetaPropsPayload.json

@@ -4,5 +4,5 @@
         "hw_architecture": "x86_64"
     },
     "nova_object.name": "ImageMetaPropsPayload",
-    "nova_object.version": "1.9"
+    "nova_object.version": "1.10"
 }

nova/notifications/objects/image.py

@@ -126,7 +126,9 @@ class ImageMetaPropsPayload(base.NotificationPayloadBase):
     # Version 1.7: Added 'hw_input_bus' field
     # Version 1.8: Added 'bochs' as an option to 'hw_video_model'
     # Version 1.9: Added 'hw_emulation_architecture' field
-    VERSION = '1.9'
+    # Version 1.10: Added 'hw_ephemeral_encryption' and
+    #                     'hw_ephemeral_encryption_format' fields
+    VERSION = '1.10'
 
     SCHEMA = {
         k: ('image_meta_props', k) for k in image_meta.ImageMetaProps.fields}

nova/objects/fields.py

@@ -260,6 +260,14 @@ class BlockDeviceType(BaseNovaEnum):
     ALL = (CDROM, DISK, FLOPPY, FS, LUN)
 
 
+class BlockDeviceEncryptionFormatType(BaseNovaEnum):
+    PLAIN = 'plain'
+    LUKS = 'luks'
+    LUKSv2 = 'luksv2'
+
+    ALL = (PLAIN, LUKS, LUKSv2)
+
+
 class ConfigDrivePolicy(BaseNovaEnum):
     OPTIONAL = "optional"
     MANDATORY = "mandatory"
@@ -1197,6 +1205,10 @@ class BlockDeviceTypeField(BaseEnumField):
     AUTO_TYPE = BlockDeviceType()
 
 
+class BlockDeviceEncryptionFormatTypeField(BaseEnumField):
+    AUTO_TYPE = BlockDeviceEncryptionFormatType()
+
+
 class ConfigDrivePolicyField(BaseEnumField):
     AUTO_TYPE = ConfigDrivePolicy()
 

nova/objects/image_meta.py

@@ -188,14 +188,19 @@ class ImageMetaProps(base.NovaObject):
     # Version 1.29: Added 'hw_input_bus' field
     # Version 1.30: Added 'bochs' as an option to 'hw_video_model'
     # Version 1.31: Added 'hw_emulation_architecture' field
+    # Version 1.32: Added 'hw_ephemeral_encryption' and
+    #                     'hw_ephemeral_encryption_format' fields
     # NOTE(efried): When bumping this version, the version of
     # ImageMetaPropsPayload must also be bumped. See its docstring for details.
-    VERSION = '1.31'
+    VERSION = '1.32'
 
     def obj_make_compatible(self, primitive, target_version):
         super(ImageMetaProps, self).obj_make_compatible(primitive,
                                                         target_version)
         target_version = versionutils.convert_version_to_tuple(target_version)
+        if target_version < (1, 32):
+            primitive.pop('hw_ephemeral_encryption', None)
+            primitive.pop('hw_ephemeral_encryption_format', None)
         if target_version < (1, 31):
             primitive.pop('hw_emulation_architecture', None)
         if target_version < (1, 30):
@@ -449,6 +454,12 @@ class ImageMetaProps(base.NovaObject):
         # version of emulated TPM to use.
         'hw_tpm_version': fields.TPMVersionField(),
 
+        # boolean - if true will enable ephemeral encryption for instance
+        'hw_ephemeral_encryption': fields.FlexibleBooleanField(),
+        # encryption format to be used when ephemeral encryption is enabled
+        'hw_ephemeral_encryption_format':
+            fields.BlockDeviceEncryptionFormatTypeField(),
+
         # if true download using bittorrent
         'img_bittorrent': fields.FlexibleBooleanField(),
 

nova/tests/functional/notification_sample_tests/test_instance.py

@@ -1231,7 +1231,7 @@ class TestInstanceNotificationSample(
                     'nova_object.data': {},
                     'nova_object.name': 'ImageMetaPropsPayload',
                     'nova_object.namespace': 'nova',
-                    'nova_object.version': '1.9',
+                    'nova_object.version': '1.10',
                 },
                 'image.size': 58145823,
                 'image.tags': [],
@@ -1327,7 +1327,7 @@ class TestInstanceNotificationSample(
                     'nova_object.data': {},
                     'nova_object.name': 'ImageMetaPropsPayload',
                     'nova_object.namespace': 'nova',
-                    'nova_object.version': '1.9',
+                    'nova_object.version': '1.10',
                 },
                 'image.size': 58145823,
                 'image.tags': [],

nova/tests/unit/notifications/objects/test_notification.py

@@ -386,7 +386,7 @@ notification_object_data = {
     # ImageMetaProps, so when you see a fail here for that reason, you must
     # *also* bump the version of ImageMetaPropsPayload. See its docstring for
     # more information.
-    'ImageMetaPropsPayload': '1.9-24a851511d98e652aebd3536e7e08330',
+    'ImageMetaPropsPayload': '1.10-44cf0030dc94a1a60ba7a0e222e854d6',
     'InstanceActionNotification': '1.0-a73147b93b520ff0061865849d3dfa56',
     'InstanceActionPayload': '1.8-4fa3da9cbf0761f1f700ae578f36dc2f',
     'InstanceActionRebuildNotification':

nova/tests/unit/objects/test_image_meta.py

@@ -349,6 +349,34 @@ class TestImageMetaProps(test.NoDBTestCase):
             self.assertRaises(exception.ObjectActionError,
                               obj.obj_to_primitive, '1.0')
 
+    def test_obj_make_compatible_hw_ephemeral_encryption(self):
+        """Check 'hw_ephemeral_encryption(_format)' compatibility."""
+        # assert that 'hw_ephemeral_encryption' and
+        # 'hw_ephemeral_encryption_format' is supported
+        # on a suitably new version
+        new_fields = (
+            'hw_ephemeral_encryption',
+            'hw_ephemeral_encryption_format'
+        )
+        eph_format = objects.fields.BlockDeviceEncryptionFormatType.LUKS
+        obj = objects.ImageMetaProps(
+            hw_ephemeral_encryption='yes',
+            hw_ephemeral_encryption_format=eph_format,
+        )
+        primitive = obj.obj_to_primitive('1.32')
+        for field in new_fields:
+            self.assertIn(field, primitive['nova_object.data'])
+        self.assertTrue(
+            primitive['nova_object.data']['hw_ephemeral_encryption'])
+        self.assertEqual(
+            eph_format,
+            primitive['nova_object.data']['hw_ephemeral_encryption_format'])
+
+        # and is absent on older versions
+        primitive = obj.obj_to_primitive('1.31')
+        for field in new_fields:
+            self.assertNotIn(field, primitive['nova_object.data'])
+
     def test_obj_make_compatible_hw_emulation(self):
         """Check 'hw_emulation_architecture' compatibility."""
         # assert that 'hw_emulation_architecture' is supported

nova/tests/unit/objects/test_objects.py

@@ -1072,7 +1072,7 @@ object_data = {
     'HyperVLiveMigrateData': '1.4-e265780e6acfa631476c8170e8d6fce0',
     'IDEDeviceBus': '1.0-29d4c9f27ac44197f01b6ac1b7e16502',
     'ImageMeta': '1.8-642d1b2eb3e880a367f37d72dd76162d',
-    'ImageMetaProps': '1.31-27337af769b0c85b4ba4be8aebc1a65d',
+    'ImageMetaProps': '1.32-4967d35948af08b710b8b861f3fff0f9',
     'Instance': '2.7-d187aec68cad2e4d8b8a03a68e4739ce',
     'InstanceAction': '1.2-9a5abc87fdd3af46f45731960651efb5',
     'InstanceActionEvent': '1.4-5b1f361bd81989f8bb2c20bb7e8a4cb4',